Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0406
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Adobe. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Adobe | Acrobat DC | Acrobat DC versions antérieures à 24.002.20759 | ||
| Adobe | Acrobat Reader DC | Acrobat Reader DC versions antérieures à 24.002.20759 | ||
| Adobe | Acrobat Reader | Acrobat Reader 2020 versions antérieures à 20.005.30635 pour macOS | ||
| Adobe | Acrobat | Acrobat 2020 versions antérieures à 20.005.30636 pour Windows | ||
| Adobe | Acrobat Reader | Acrobat Reader 2020 versions antérieures à 20.005.30636 pour Windows | ||
| Adobe | Acrobat | Acrobat 2020 versions antérieures à 20.005.30635 pour macOS |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Acrobat DC versions ant\u00e9rieures \u00e0 24.002.20759",
"product": {
"name": "Acrobat DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 24.002.20759",
"product": {
"name": "Acrobat Reader DC",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2020 versions ant\u00e9rieures \u00e0 20.005.30635 pour macOS",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2020 versions ant\u00e9rieures \u00e0 20.005.30636 pour Windows",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat Reader 2020 versions ant\u00e9rieures \u00e0 20.005.30636 pour Windows",
"product": {
"name": "Acrobat Reader",
"vendor": {
"name": "Adobe",
"scada": false
}
}
},
{
"description": "Acrobat 2020 versions ant\u00e9rieures \u00e0 20.005.30635 pour macOS",
"product": {
"name": "Acrobat",
"vendor": {
"name": "Adobe",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-34094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34094"
},
{
"name": "CVE-2024-34099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34099"
},
{
"name": "CVE-2024-34096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34096"
},
{
"name": "CVE-2024-34098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34098"
},
{
"name": "CVE-2024-30312",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30312"
},
{
"name": "CVE-2024-30310",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30310"
},
{
"name": "CVE-2024-30311",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30311"
},
{
"name": "CVE-2024-30284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30284"
},
{
"name": "CVE-2024-34100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34100"
},
{
"name": "CVE-2024-34101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34101"
},
{
"name": "CVE-2024-34097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34097"
},
{
"name": "CVE-2024-34095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34095"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0406",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb24-29 du 14 mai 2024",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
]
}
CVE-2024-34099 (GCVE-0-2024-34099)
Vulnerability from cvelistv5 – Published: 2024-05-15 10:00 – Updated: 2024-08-02 02:43
VLAI?
EPSS
Summary
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity ?
7.8 (High)
CWE
- CWE-284 - Improper Access Control (CWE-284)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Affected:
0 , ≤ 24.002.20736
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:-:*:*:*:pro:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:-:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:2020:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:2020:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:07:43.573775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:42:08.303Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:43:00.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-05-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control (CWE-284)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T10:00:11.648Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-XXXX: [Pwn2Own] Acrobat sandbox bypass part 2 of 2"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-34099",
"datePublished": "2024-05-15T10:00:11.648Z",
"dateReserved": "2024-04-30T19:50:50.899Z",
"dateUpdated": "2024-08-02T02:43:00.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34100 (GCVE-0-2024-34100)
Vulnerability from cvelistv5 – Published: 2024-05-15 10:00 – Updated: 2024-08-02 02:42
VLAI?
EPSS
Summary
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free (CWE-416)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Affected:
0 , ≤ 24.002.20736
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:-:*:*:*:pro:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:-:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:2020:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:2020:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:08:30.628601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:41:00.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-05-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T10:00:18.857Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use-After-Free vulnerability in the latest Adobe Acrobat Reader DC when open malicious PDF file"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-34100",
"datePublished": "2024-05-15T10:00:18.857Z",
"dateReserved": "2024-04-30T19:50:50.899Z",
"dateUpdated": "2024-08-02T02:42:59.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34097 (GCVE-0-2024-34097)
Vulnerability from cvelistv5 – Published: 2024-05-15 10:00 – Updated: 2024-08-02 02:42
VLAI?
EPSS
Summary
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free (CWE-416)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Affected:
0 , ≤ 24.002.20736
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:-:*:*:*:pro:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:-:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:2020:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:2020:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:06:04.012121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:41:45.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-05-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T10:00:09.418Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-23473: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-34097",
"datePublished": "2024-05-15T10:00:09.418Z",
"dateReserved": "2024-04-30T19:50:50.899Z",
"dateUpdated": "2024-08-02T02:42:59.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30311 (GCVE-0-2024-30311)
Vulnerability from cvelistv5 – Published: 2024-05-15 10:00 – Updated: 2025-02-13 17:47
VLAI?
EPSS
Summary
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity ?
5.5 (Medium)
CWE
- CWE-125 - Out-of-bounds Read (CWE-125)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Affected:
0 , ≤ 24.002.20736
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:-:*:*:*:pro:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:-:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:2020:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:2020:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:09:19.717940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:07.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:06.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-05-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:08:37.677Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1946"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "TALOS-2024-1946 - Adobe Acrobat Reader Font gvar GlyphVariationData out-of-bounds read vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-30311",
"datePublished": "2024-05-15T10:00:13.706Z",
"dateReserved": "2024-03-26T16:04:09.509Z",
"dateUpdated": "2025-02-13T17:47:48.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34101 (GCVE-0-2024-34101)
Vulnerability from cvelistv5 – Published: 2024-05-15 10:00 – Updated: 2024-08-02 02:42
VLAI?
EPSS
Summary
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity ?
5.5 (Medium)
CWE
- CWE-125 - Out-of-bounds Read (CWE-125)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Affected:
0 , ≤ 24.002.20736
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:-:*:*:*:pro:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:-:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:2020:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:2020:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:10:47.781640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:41:13.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-05-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T10:00:18.105Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-23614: Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-34101",
"datePublished": "2024-05-15T10:00:18.105Z",
"dateReserved": "2024-04-30T19:50:50.900Z",
"dateUpdated": "2024-08-02T02:42:59.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30312 (GCVE-0-2024-30312)
Vulnerability from cvelistv5 – Published: 2024-05-15 10:00 – Updated: 2025-02-13 17:47
VLAI?
EPSS
Summary
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity ?
5.5 (Medium)
CWE
- CWE-125 - Out-of-bounds Read (CWE-125)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Affected:
0 , ≤ 24.002.20736
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:-:*:*:*:pro:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:-:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:2020:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:2020:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:10:04.322642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:38:59.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:06.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1952"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-05-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "NONE",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T17:06:23.116Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1952"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "TALOS-2024-1952 - Adobe Acrobat Reader Font CPAL numColorRecords out-of-bounds read vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-30312",
"datePublished": "2024-05-15T10:00:14.431Z",
"dateReserved": "2024-03-26T16:04:09.510Z",
"dateUpdated": "2025-02-13T17:47:49.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34098 (GCVE-0-2024-34098)
Vulnerability from cvelistv5 – Published: 2024-05-15 10:00 – Updated: 2024-08-02 02:43
VLAI?
EPSS
Summary
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity ?
7.8 (High)
CWE
- CWE-20 - Improper Input Validation (CWE-20)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Affected:
0 , ≤ 24.002.20736
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:-:*:*:*:pro:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:-:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:2020:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:2020:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:06:52.248689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:42:01.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:43:00.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-05-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T10:00:15.985Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-XXXX: [Pwn2Own] Acrobat sandbox bypass part 1 of 2"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-34098",
"datePublished": "2024-05-15T10:00:15.985Z",
"dateReserved": "2024-04-30T19:50:50.899Z",
"dateUpdated": "2024-08-02T02:43:00.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34094 (GCVE-0-2024-34094)
Vulnerability from cvelistv5 – Published: 2024-05-15 10:00 – Updated: 2024-08-02 02:42
VLAI?
EPSS
Summary
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free (CWE-416)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Affected:
0 , ≤ 24.002.20736
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:-:*:*:*:pro:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:-:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:2020:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:2020:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34094",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:04:20.234501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:41:53.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-05-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T10:00:07.983Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-23474: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-34094",
"datePublished": "2024-05-15T10:00:07.983Z",
"dateReserved": "2024-04-30T19:50:50.898Z",
"dateUpdated": "2024-08-02T02:42:59.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34095 (GCVE-0-2024-34095)
Vulnerability from cvelistv5 – Published: 2024-05-15 10:00 – Updated: 2024-08-02 02:42
VLAI?
EPSS
Summary
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free (CWE-416)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Affected:
0 , ≤ 24.002.20736
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:-:*:*:*:pro:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:-:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:2020:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat",
"vendor": "adobe",
"versions": [
{
"lessThan": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:2020:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:05:18.235063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:42:16.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-05-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T10:00:12.362Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-23475: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-34095",
"datePublished": "2024-05-15T10:00:12.362Z",
"dateReserved": "2024-04-30T19:50:50.898Z",
"dateUpdated": "2024-08-02T02:42:59.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30284 (GCVE-0-2024-30284)
Vulnerability from cvelistv5 – Published: 2024-05-15 10:00 – Updated: 2024-08-02 01:32
VLAI?
EPSS
Summary
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free (CWE-416)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Affected:
0 , ≤ 24.002.20736
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:-:*:*:*:pro:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:-:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:2020:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:2020:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:02:29.215010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:38:35.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:06.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-05-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T10:00:16.717Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-23466: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-30284",
"datePublished": "2024-05-15T10:00:16.717Z",
"dateReserved": "2024-03-26T16:04:09.504Z",
"dateUpdated": "2024-08-02T01:32:06.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30310 (GCVE-0-2024-30310)
Vulnerability from cvelistv5 – Published: 2024-05-15 10:00 – Updated: 2024-08-02 01:32
VLAI?
EPSS
Summary
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write (CWE-787)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Affected:
0 , ≤ 24.002.20736
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:-:*:*:*:pro:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:-:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:2020:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:2020:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-30310",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T13:03:24.833301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:26.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:32:07.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-05-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write (CWE-787)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T10:00:06.290Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-23327: Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-30310",
"datePublished": "2024-05-15T10:00:06.290Z",
"dateReserved": "2024-03-26T16:04:09.507Z",
"dateUpdated": "2024-08-02T01:32:07.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34096 (GCVE-0-2024-34096)
Vulnerability from cvelistv5 – Published: 2024-05-15 10:00 – Updated: 2024-08-02 02:42
VLAI?
EPSS
Summary
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity ?
7.8 (High)
CWE
- CWE-416 - Use After Free (CWE-416)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Adobe | Acrobat Reader |
Affected:
0 , ≤ 24.002.20736
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_dc:-:*:*:*:pro:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader_dc:-:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader_dc",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "-",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat:2020:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:adobe:acrobat_reader:2020:*:*:*:classic:*:*:*"
],
"defaultStatus": "unknown",
"product": "acrobat_reader",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "20.005.30574",
"status": "affected",
"version": "2020",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T12:52:31.228166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:41:26.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "24.002.20736",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-05-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free (CWE-416)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-15T10:00:10.936Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-29.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ZDI-CAN-23472: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-34096",
"datePublished": "2024-05-15T10:00:10.936Z",
"dateReserved": "2024-04-30T19:50:50.898Z",
"dateUpdated": "2024-08-02T02:42:59.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…